CVE-2005-0198Improperly Implemented Security Check for Standard in Uw-imap

CWE-358Improperly Implemented Security Check for Standard8 documents7 sources
Severity
7.5HIGHNVD
EPSS
26.7%
top 3.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Uw-imap
Timeline
PublishedMay 2
Latest updateMay 1

Description

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

debiandebian/uw-imap< uw-imap 7:2002edebian1-6 (bookworm)

Patches

Patch: www.gentoo.orgPatch: www.kb.cert.orgPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-jj66-r59x-7j8w: A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (2022-05-01
OSV
CVE-2005-0198: A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (2005-05-02

📋Vendor Advisories

2
Red Hat
security flaw2005-01-27
Debian
CVE-2005-0198: uw-imap - A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMA...2005

📐Framework References

1
CWE
Improperly Implemented Security Check for Standard

💬Community

1
Bugzilla
CVE-2005-0198 security flaw2018-08-16